(54) Secure computer system

(57) A secure computer system uses a mobile phone network SIM card (50) as a source of user authentication 
information to determine whether to allow a user access. 
Description

[0001] The present invention relates to a secure computer system comprising a user authentication information source and a computer configured such that, during booting, it obtains user authentication data from said source and compares said authentication data with data stored in the computer, enabling user access to the computer in dependence on the result thereof.

[0002] There are various security methods to protect confidential information stored in computer systems. For instance, a computer system can be protected by a password which is set up by means of a BIOS (basic input/output system) setup menu and stored in a CMOS (complementary metal oxide semiconductor) RAM (random access memory) or a hard disk. However, security methods using CMOS RAM or a hard disk can allow a proficient user to gain illegal access to the computer system without difficulty.

[0003] To strengthen security of a computer system, other security methods have been proposed using bio-information, such as fingerprints, IC (integrated circuit) cards, magnetic cards, PC (personal computer) cards, etc.

[0004] In the case of security methods using bio-in- 
formation, such as fingerprints, irises, etc., although se- 
curity of the computer system is strengthened because 
individual characteristics of a user are employed to con- 
trol access, such security methods require expensive 
equipment. 

[0005] In the case of security methods using IC cards, magnetic cards, PC cards, etc., a user has to buy these cards separately, which can be uneconomical and cumbersome. Furthermore, the passwords stored in the cards are not based upon individual characteristics of a user, but voluntary information set up by a user or a card supplier, so that the password employed for verifying a user's identity has relatively low reliability. In the particular case of the PC card, if the PC card remains attached to the computer system, anyone can access and change data stored in the PC card.

[0006] On the other hand, there is the GSM (Global 
System for Mobile Communications) mobile phone 
standard. In order to be able to use a GSM phone, a 
user has to be issued a SIM card storing user identifi- 
cation information, and the user inserts the SIM card in 
the GSM phone. The SIM card is detachably inserted in 
the mobile phone, and a user can access the wireless 
communication system with the user identification infor- 
mation stored in the SIM card. 

[0007] The user identification information stored in the SIM card is employed for authenticating a registered user and preventing an unregistered user from accessing the wireless communication system. Furthermore, the user identification information stored in the SIM card is typically thoroughly protected from disclosure to or recovery by a third party, thereby preventing, for example, wiretapping and access to the user's identification information.

[0008] A computer system according to the present invention is characterised in that the user authentication information source comprises a subscriber identity module for a mobile phone.

[0009] The subscriber identity module may be mount- 
ed in a wireless communication card, preferably one for 
a GSM network. 

[0010] A card reader may be provided for reading subscriber identity modules.

[0011] Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings, in which:

Figure 1 is a block diagram of a first computer system according to the present invention;
Figure 2 is a block diagram illustrating a second computer system according to the present invention;
Figure 3 is a control block diagram illustrating a third computer system according to the present invention;
Figure 4 is a flowchart of a process for setting up a password for a computer system according to the present invention; and
Figure 5 is a flowchart of a security control process of a computer system according to the present invention.

[0012] Referring to Figure 1, the computer system comprises a CPU (central processing unit) 2, a main memory 7, including a DRAM (dynamic random access memory), a BIOS-ROM 9 (basic input/output system - read only memory) storing a BIOS, a north bridge 3, a south bridge 5, an EEPROM (electrically erasable programmable read only memory) 10 storing user identification information, a module interface 12, a communication module 14 connected to the module interface 12, such as a PCI (peripheral component interconnect) interface, and a SIM card 50 storing user identification information 55 and mounted on the communication module 14.

[0013] The north bridge 3 is a chipset facilitating data transmission between the CPU 2, the main memory 7 and a graphic card (not shown). The south bridge 5 is a chipset for facilitating data transmission between the components of the system, such as internal and external peripheral devices, and the north bridge 3. That is, the south bridge 5 facilitates data transmission involving the module interfaces 12, a PCMCIA (personal computer memory card international association) interface, a USB (universal serial bus) interface, an ISA (industry standard architecture) interface, etc.

[0014] In Figure 1, the communication module 14 is a GSM modem suitable for accessing the Internet through a GSM network. However, the communication module 14 could be any communication module capable of wirelessly communicating with other devices and/or networks. For instance, a CDMA (code division multiple access) network communication module, compatible with GSM networks, is being developed and could be used as the communication module 14.

[0015] In Figure 1, the communication module 14 holds the SIM card 50, storing user identification information 55 for authentication. The user identification information 55 stored in the SIM card 50 is employed not only to verify a user's identity when a user accesses a communication network but also as a password for accessing the computer system 1.

[0016] The BIOS stored in the BIOS-ROM 9 as command codes determines whether devices of the computer system 1 are operating normally, and performs a POST (power-on self-test) procedure for loading an OS (operating system) from a hard disk into the main memory 7. Because the BIOS typically contains a security routine, the BIOS can determine whether the user identification information 55 stored in the SIM card 50 is identical to the user identification information stored in the EEPROM 10, perform the POST procedure, and allow a user to access the computer system 1 only when the user identification information 55 in the SIM card 50 is identical to the user identification information in the EEPROM 10.

[0017] In Figure 1, the user identification information compared with the user identification information 55 stored in the SIM card 50 may be stored in CMOS-RAM, a hard disk, etc., instead of the EEPROM 10.

[0018] In Figure 1, according to the present invention, when the computer system is turned on or rebooted, the south bridge 5, the north bridge 3 and the CPU 2 are set up in sequence and the BIOS stored in the BIOS-ROM 9 performs the POST procedure, and it is determined (for example, by software as part of the BIOS) whether the user identification information 55 stored in the SIM card 50 is identical to the user identification information stored in the EEPROM 10, thereby allowing a user to access the computer system only when the user identification information 55 in the SIM card 50 is identical to the user identification information in the EEPROM 10. The security control processes of the invention can be embodied in software and/or hardware, for example, as part of the north bridge 3, the south bridge 5, the BIOS 9 and/or the EEPROM 10 and executed on computer systems 1 using known techniques.

[0019] The module interface 12 and the communication module 14 of the computer system 1 can be applied to any computer system having a communication module carrying a SIM card.

[0020] Referring to Figure 2, a secure computer system comprises a GSM/GPRS (global system for mobile communication / general packet radio services) module 24 mounted in the main body of a portable computer system 4, a SIM card reader 26 into which the SIM card 50 is inserted, and a remote interface 22 for transmitting data from the SIM card reader 26 to the south bridge 5 or the GSM/GPRS module 24.

[0021] The SIM card reader 26 is provided in the main body of the portable computer system 4, and the SIM card 50 is inserted in the SIM card reader 26. When the SIM card 50 is inserted in the SIM card reader 26, the SIM card reader 26 transmits a card connection signal to the remote interface 22, and the SIM card reader 26 reads data from the SIM card 50 according to a control signal transmitted from the remote interface 22.

[0022] The GSM/GPRS module 24 is a modem for accessing a GSM network using the SIM card 50, and is mounted in the main body of the portable computer 4. By means of the GSM/GPRS module 24, user identification information 55 stored in the SIM card 50 is transmitted to the GSM network for user authentication for accessing the GSM network. On the other hand, technology is being developed whereby a user identification card, such as the SIM card 50, is applied to a CDMA module that is compatible with the GSM network, and therefore the modem 24 mounted in the main body may be a CDMA module.

[0023] The south bridge 5 controls the remote interface 22 so that it operates selectively as an interface between the SIM card 50 and the GSM/GPRS module 24 and an interface between the SIM card 50 and the south bridge 5. That is, if the portable computer system 4 requires a password while booting, the remote interface 22 reads the user identification information 55 stored in the SIM card 50 from the SIM card reader 26 and transmits the user identification information 55 to the south bridge 5, thereby allowing access to the computer system 4 as described above with reference to Figure 1 (i.e., determining whether the user identification information 55 stored in the SIM card 50 is identical to the user identification information stored in the EEPROM 10, and allowing access responsive to a match). Further, when a user wants to access the GSM network using the GSM/GPRS module 24, the remote interface 22 reads the user identification information 55 stored in the SIM card 50 from the SIM card reader 26 and transmits the user identification information 55 to the GSM/GPRS module 24, thereby allowing access to the GSM network.

[0024] In Figure 2, in the computer system 4 with the GSM/GPRS module 24, the SIM card 50 is inserted in the SIM card reader 26, and the user identification information 55 stored in the SIM card 50 is employed in accessing the computer system 4 and the GSM network.

[0025] Referring to Figure 3, a secure computer system comprises a PCMCIA interface 32 and a detachable (portable) PCMCIA wireless modem 34 which is in communication with the computer 6 via the PCMCIA interface 32.

[0026] The detachable PCMCIA wireless modem 34 accesses the GSM network, and is provided with a card groove (not shown) having a card connector (not shown) to which the SIM card 50 can be connected. The PCMCIA interface 32 controls peripheral devices attached to a PCMCIA slot, such as the detachable (portable) PCMCIA wireless modem 34, according to PCMCIA standards based upon a control signal transmitted from the south bridge 5.

[0027] In Figure 3, when the south bridge 5, the north bridge 3 and the CPU 2 are set up in sequence and a POST procedure is performed during turning on or rebooting of the computer system 6, a user can access the computer system 6 with the user identification information 55 stored in the SIM card 50 attached to the PCMCIA wireless modem 34, as described with reference to Figures 1 and 2.

[0028] The PCMCIA interface 32 in Figure 3 is only an example peripheral device interface 12 used in computer systems. Various other peripheral device interfaces 12, such as PCI interfaces, USB interfaces, ISA interfaces, etc., can be employed in a computer to interface with any SIM card communication module 14 that provides the user identification information 55 stored in the SIM card 50.

[0029] Referring to Figure 4, at operation 60, when a computer system of the present invention is turned on or rebooted, the south bridge 5, the north bridge 3 and the CPU 2 are set up in sequence and at operation 62 the BIOS stored in the BIOS-ROM 9 performs the POST procedure. While the POST procedure is being performed at operation 62, a user selects, at operation 64, a password setup function using a setup key such as F2. If, at operation 64, the user selects a SIM card access function in the password setup function, at operation 66, the computer system reads the user identification information 55 from the SIM card 50. At operation 68, the user identification information 55 read from the SIM card 50 is stored in the EEPROM 10.

[0030] Referring to Figure 5, at operation 70, when a computer system of the present invention is turned on or rebooted, the south bridge 5, the north bridge 3 and the CPU 2 are set up in sequence and at operation 72 the BIOS stored in the BIOS-ROM 9 performs the POST procedure. Because the BIOS typically contains a security routine, the BIOS can determine at operation 74 whether the SIM card 50 for authentication is connected to the computer system when performing the POST procedure. If, at operation 74, the SIM card 50 is not connected to the computer system, the BIOS displays a message at operation 76 so as to make a user connect the SIM card 50 to the computer system.

[0031] If the SIM card 50 is connected to the computer system at operation 74, the BIOS reads the user identification information 55 from the SIM card 50 at operation 78, and determines whether the user identification information 55 read from the SIM card 50 is identical to (matches/corresponds to) the user identification information previously stored in the EEPROM 10 at operation 80. If the user identification information 55, read from the SIM card 50, is identical to (matches/corresponds to) the user identification information previously stored in the EEPROM 10 at operation 80, an operating system is executed at operation 82, thereby allowing a user to access and use the computer system.

[0032] Conversely, if the user identification information 55 read from the SIM card 50 is not identical (does not match/does not correspond) to the user identification information previously stored in the EEPROM 10 at operation 80, a password error message is displayed at operation 84, thereby protecting the computer system.

[0033] As described above, according to the present invention, the user identification information stored in a SIM card for mobile communications can be employed as the password of a computer system. Thus, a user can employ the user identification information of the SIM card, which has superior security, as the password for the computer system, thereby providing superior security for the computer system. As described above, the present invention provides a secure computer system using a SIM card and a security control method thereof, which provides inexpensive and superior security.
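The Figure 4 enrolment (operations 66-68) and the Figure 5 boot-time check (operations 74-84) described above, modelled in C as an added example that is not code from the patent. The `sim_card` and `eeprom` structs, the 16-byte `ID_LEN`, the constant-time comparison and the fail-closed handling of an EEPROM that has never been enrolled are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN 16 /* assumed size of the identification record */

typedef enum { BOOT_OS, PROMPT_INSERT_SIM, PASSWORD_ERROR } boot_result;

/* Hypothetical stand-ins for the SIM card 50 and the EEPROM 10. */
typedef struct { int present;  uint8_t id[ID_LEN]; } sim_card;
typedef struct { int enrolled; uint8_t id[ID_LEN]; } eeprom;

/* Compare every byte so timing does not reveal where a mismatch occurs. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Figure 4, operations 66-68: read the identifier and store it. */
int enroll_sim(const sim_card *sim, eeprom *rom) {
    if (!sim->present)
        return -1;                     /* no card, nothing to read */
    memcpy(rom->id, sim->id, ID_LEN);
    rom->enrolled = 1;
    return 0;
}

/* Figure 5, operations 74-84: decide what the BIOS does during POST. */
boot_result boot_check(const sim_card *sim, const eeprom *rom) {
    if (!sim->present)
        return PROMPT_INSERT_SIM;      /* operation 76 */
    if (!rom->enrolled)
        return PASSWORD_ERROR;         /* assumption: fail closed on a blank EEPROM */
    return ct_equal(sim->id, rom->id, ID_LEN)   /* operations 78-80 */
               ? BOOT_OS                        /* operation 82 */
               : PASSWORD_ERROR;                /* operation 84 */
}

int main(void) {
    /* Constructed sample identifiers, not real SIM data. */
    sim_card owner = { 1, {0} }, other = { 1, {0} }, absent = { 0, {0} };
    eeprom rom = { 0, {0} };
    memset(owner.id, 0x11, ID_LEN);
    memset(other.id, 0x22, ID_LEN);

    printf("before enrolment: %d\n", boot_check(&owner, &rom));
    enroll_sim(&owner, &rom);
    printf("owner: %d other: %d absent: %d\n", boot_check(&owner, &rom),
           boot_check(&other, &rom), boot_check(&absent, &rom));
    return 0;
}
```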

Claims 

1. A secure computer system comprising:

a user authentication information source (50); and

a computer configured such that, during booting, it obtains user authentication data from said source (50) and compares said authentication data with data stored in the computer, enabling user access to the computer in dependence on the result thereof,

characterised in that the user authentication information source (50) comprises a subscriber identity module for a mobile phone.

2. A system according to claim 1, including a wireless communication card (14; 34), wherein the subscriber identity module (50) is mounted in the wireless communication card (14; 34).

3. A system according to claim 2, wherein the wireless communication card (14; 34) includes a transceiver for communication via a GSM network.

4. A system according to claim 1, including a card reader (26) for reading subscriber identity modules.

5. A secure computer system comprising:

a SIM card storing user identification information;

a communication module accessing a network with the user identification information stored in the SIM card;

a password storage storing the user identification information from the SIM card; and

a controller allowing a user to access the computer system upon booting of the computer system when the user identification information stored in the SIM card is identical to the user identification information stored in the password storage.

6. The computer system according to claim 5, further comprising:

a SIM card reader to which the SIM card is inserted; and

a remote interface transmitting the user identification information from the SIM card reader to the communication module according to control of the controller,

wherein the controller reads the user identification information from the SIM card inserted in the SIM card reader through the remote interface.

7. The computer system according to claim 5, wherein the communication module comprises a card connector to which the SIM card is detachably connected.

8. A method of controlling security of a computer system, comprising:

storing user identification information from a SIM card used to access a network;

reading the user identification information from the SIM card when the computer system is booted;

determining whether the user identification information stored in the SIM card is identical to the stored user identification information; and

allowing a user to access the computer system when the user identification information stored in the SIM card is identical to the stored user identification information.

9. The method according to claim 8, further comprising:

determining whether the SIM card is connected to the computer system; and

informing a user of absence of the SIM card when the SIM card is not connected to the computer system.

10. The computer system of claim 5, wherein an EPROM is the password storage.

11. The computer system of claim 7, wherein the controller is a BIOS.

12. The computer system of claim 5, further comprising a device interface interfacing with external devices and wherein the communication module is portable and in communication with the controller via the device interface.

13. The computer system of claim 5 wherein the network is a GSM network.

14. A computer system, comprising:

a password storage storing user identification information of a SIM card; and

a controller in communication with the SIM card and allowing access to the computer system upon booting of the computer system when the user identification information of the SIM card matches the user identification information stored in the password storage.

15. The computer system of claim 14, further comprising an interface interfacing with the SIM card and wherein the controller is in communication with the SIM card via the interface.

16. The computer system of claim 15, wherein the communication module accesses a GSM network.

17. The computer system of claim 15, wherein the interface is one or more of a PCI, a USB, a PCMCIA, and an ISA interface.

18. A secure computer system, comprising:

a SIM card communication module accessing a GSM network using user identification information of a SIM card; and

a controller in communication with the SIM card communication module and allowing access to the computer system based upon the user identification information of the SIM card.

19. A secure computer system, comprising:

storage means for storing user identification information of a SIM card; and

control means for communicating with the SIM card and for allowing access to the computer system upon booting of the computer system when the user identification information of the SIM card matches the user identification information stored in the storage means.

20. The secure computer system of claim 19, further comprising interface means for interfacing with the SIM card, wherein the control means communicates with the SIM card via the interface means.